Sign-up

ID

VAR-201805-0209


CVE

CVE-2017-17158


TITLE

plural Huawei Vulnerability related to input confirmation in smartphones

Trust: 0.8

sources: JVNDB: JVNDB-2017-013469

DESCRIPTION

Some Huawei smart phones with the versions before Berlin-L21HNC185B381; the versions before Prague-AL00AC00B223; the versions before Prague-AL00BC00B223; the versions before Prague-AL00CC00B223; the versions before Prague-L31C432B208; the versions before Prague-TL00AC01B223; the versions before Prague-TL00AC01B223 have an information exposure vulnerability. When the user's smart phone connects to the malicious device for charging, an unauthenticated attacker may activate some specific function by sending some specially crafted messages. Due to insufficient input validation of the messages, successful exploit may cause information exposure. plural Huawei Smartphones contain a vulnerability related to input confirmation.Information may be obtained. HuaweiBerlin-L21HN and Prague-AL00A are all smartphone products of China Huawei. There are information disclosure vulnerabilities in various Huawei phones. Successful use of this vulnerability may result in partial disclosure of information due to failure to adequately verify the message

Trust: 2.16

sources: NVD: CVE-2017-17158 // JVNDB: JVNDB-2017-013469 // CNVD: CNVD-2018-12842

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2018-12842

AFFECTED PRODUCTS

vendor:huaweimodel:prague-tl00ascope:ltversion:tl00ac01b223

Trust: 1.0

vendor:huaweimodel:prague-tl10ascope:ltversion:tl00ac01b223

Trust: 1.0

vendor:huaweimodel:prague-al00cscope:ltversion:al00cc00b223

Trust: 1.0

vendor:huaweimodel:prague-al00ascope:ltversion:al00ac00b223

Trust: 1.0

vendor:huaweimodel:prague-l31scope:ltversion:l31c432b208

Trust: 1.0

vendor:huaweimodel:prague-al00bscope:ltversion:al00bc00b223

Trust: 1.0

vendor:huaweimodel:berlin-l21hnscope:ltversion:l21hnc185b381

Trust: 1.0

vendor:huaweimodel:berlin-l21hnscope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-al00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-al00bscope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-al00cscope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-l31scope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-tl00ascope: - version: -

Trust: 0.8

vendor:huaweimodel:prague-tl10ascope: - version: -

Trust: 0.8

vendor:huaweimodel:berlin-l21hn the versions before berlin-l21hnc185b381scope: - version: -

Trust: 0.6

vendor:huaweimodel:prague-al00c the versions before prague-al00cc00b223scope: - version: -

Trust: 0.6

vendor:huaweimodel:prague-l31 the versions before prague-l31c432b208scope: - version: -

Trust: 0.6

vendor:huaweimodel:prague-tl00a the versions before prague-tl00ac01b223scope: - version: -

Trust: 0.6

vendor:huaweimodel:prague-tl10a the versions before prague-tl00ac01b223scope: - version: -

Trust: 0.6

vendor:huaweimodel:prague-al00a the versions before prague-al00ac00b223scope: - version: -

Trust: 0.6

vendor:huaweimodel:prague-al00b the versions before prague-al00bc00b223scope: - version: -

Trust: 0.6

sources: CNVD: CNVD-2018-12842 // JVNDB: JVNDB-2017-013469 // NVD: CVE-2017-17158

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-17158
value: MEDIUM

Trust: 1.0

NVD: CVE-2017-17158
value: MEDIUM

Trust: 0.8

CNVD: CNVD-2018-12842
value: HIGH

Trust: 0.6

CNNVD: CNNVD-201712-315
value: LOW

Trust: 0.6

nvd@nist.gov: CVE-2017-17158
severity: LOW
baseScore: 2.1
vectorString: AV:L/AC:L/AU:N/C:P/I:N/A:N
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2018-12842
severity: HIGH
baseScore: 7.8
vectorString: AV:N/AC:L/AU:N/C:C/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2017-17158
baseSeverity: MEDIUM
baseScore: 4.6
vectorString: CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: PHYSICAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 0.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2018-12842 // JVNDB: JVNDB-2017-013469 // CNNVD: CNNVD-201712-315 // NVD: CVE-2017-17158

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2017-013469 // NVD: CVE-2017-17158

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201712-315

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201712-315

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2017-013469

PATCH
title:huawei-sa-20180523-01-phoneurl:https://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en
Trust: 0.8
title:Patches for multiple Huawei mobile phone information disclosure vulnerabilitiesurl:https://www.cnvd.org.cn/patchInfo/show/134013
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12842 // 
            
            
            
            JVNDB: JVNDB-2017-013469

EXTERNAL IDS
db:NVDid:CVE-2017-17158
Trust: 3.0
db:JVNDBid:JVNDB-2017-013469
Trust: 0.8
db:CNVDid:CNVD-2018-12842
Trust: 0.6
db:CNNVDid:CNNVD-201712-315
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12842 // 
            
            
            
            JVNDB: JVNDB-2017-013469 // 
            
            
            
            CNNVD: CNNVD-201712-315 // 
            
            
            
            NVD: CVE-2017-17158

REFERENCES
url:http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20180523-01-phone-en
Trust: 1.6
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-17158
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2017-17158
Trust: 0.8
url:https://www.huawei.com/cn/psirt/security-advisories/huawei-sa-20180523-01-phone-cn
Trust: 0.6
sources:
            
            
            CNVD: CNVD-2018-12842 // 
            
            
            
            JVNDB: JVNDB-2017-013469 // 
            
            
            
            CNNVD: CNNVD-201712-315 // 
            
            
            
            NVD: CVE-2017-17158

SOURCES
db:CNVDid:CNVD-2018-12842
db:JVNDBid:JVNDB-2017-013469
db:CNNVDid:CNNVD-201712-315
db:NVDid:CVE-2017-17158

LAST UPDATE DATE
2024-11-23T22:52:05.658000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2018-12842date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2017-013469date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201712-315date:2018-06-13T00:00:00
db:NVDid:CVE-2017-17158date:2024-11-21T03:17:36.397

SOURCES RELEASE DATE
db:CNVDid:CNVD-2018-12842date:2018-07-11T00:00:00
db:JVNDBid:JVNDB-2017-013469date:2018-07-12T00:00:00
db:CNNVDid:CNNVD-201712-315date:2017-12-08T00:00:00
db:NVDid:CVE-2017-17158date:2018-05-24T14:29:00.250